Fedora 41 Update: docker-buildx-0.24.0-1.fc41
Fedora 41 Update: maturin-1.8.6-1.fc41
Fedora 41 Update: rust-rusqlite-0.31.0-6.fc41
Fedora 41 Update: rust-hashlink-0.10.0-1.fc41
Fedora 41 Update: ruff-0.11.5-2.fc41
Fedora 41 Update: dnsdist-1.9.10-1.fc41
Fedora 42 Update: thunderbird-128.11.0-1.fc42
Fedora 42 Update: coreutils-9.6-4.fc42
Fedora 42 Update: ruff-0.11.5-2.fc42
Fedora 42 Update: rust-rusqlite-0.31.0-6.fc42
Fedora 42 Update: rust-hashlink-0.10.0-1.fc42
Fedora 42 Update: docker-buildx-0.24.0-1.fc42
Fedora 42 Update: maturin-1.8.6-1.fc42
Fedora 42 Update: dnsdist-1.9.10-1.fc42
Fedora 42 Update: mingw-python-flit-core-3.12.0-1.fc42
Fedora 42 Update: mingw-python-flask-3.1.1-1.fc42
[SECURITY] Fedora 41 Update: docker-buildx-0.24.0-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-464c59df2a
2025-05-30 01:44:07.670119+00:00
--------------------------------------------------------------------------------
Name : docker-buildx
Product : Fedora 41
Version : 0.24.0
Release : 1.fc41
URL : https://github.com/docker/buildx
Summary : Docker CLI plugin for extended build capabilities with BuildKit
Description :
Docker CLI plugin for extended build capabilities with BuildKit.
--------------------------------------------------------------------------------
Update Information:
Update package to release v0.24.0
Resolve: rhbz#2366388, rhbz#2360632
Upstream fixes and changes
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 21 2025 Bradley G Smith [bradley.g.smith@gmail.com] - 0.24.0-1
- Update package to release v0.24.0
- Resolve: rhbz#2366388, rhbz#2360632
- Upstream fixes and changes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360632 - CVE-2025-22872 docker-buildx: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2360632
[ 2 ] Bug #2366388 - docker-buildx-0.24.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2366388
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-464c59df2a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: maturin-1.8.6-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-fb7b9c7c48
2025-05-30 01:44:07.670105+00:00
--------------------------------------------------------------------------------
Name : maturin
Product : Fedora 41
Version : 1.8.6
Release : 1.fc41
URL : https://github.com/PyO3/maturin
Summary : Build and publish Rust crates as Python packages
Description :
Build and publish crates with pyo3, rust-cpython and cffi bindings as
well as rust binaries as python packages.
--------------------------------------------------------------------------------
Update Information:
Update to version 1.8.6.
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 21 2025 Fabio Valentini [decathorpe@gmail.com] - 1.8.6-1
- Update to version 1.8.6; Fixes RHBZ#2365325
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2366540 - CVE-2025-4574 maturin: crossbeam-channel Vulnerable to Double Free on Drop [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2366540
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-fb7b9c7c48' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: rust-rusqlite-0.31.0-6.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-575023fff7
2025-05-30 01:44:07.670098+00:00
--------------------------------------------------------------------------------
Name : rust-rusqlite
Product : Fedora 41
Version : 0.31.0
Release : 6.fc41
URL : https://crates.io/crates/rusqlite
Summary : Ergonomic wrapper for SQLite
Description :
Ergonomic wrapper for SQLite.
--------------------------------------------------------------------------------
Update Information:
Security update for CVE-2025-4574, GHSA-pg9f-39pc-qf8g: by rebuilding ruff, we
ensure that it uses version 0.5.15 of the crossbeam-channel crate library.
rust-hashlink 0.10.0
API incompatible change: upgrade hashbrown to 0.15
API incompatible change: we now wrap DefaultHashBuilder and DefaultHasher
from hashbrown so that in the future upgrading hashbrown is not an API
incompatible change
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 21 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.31.0-6
- Allow hashlink 0.10
* Sun Jan 19 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.31.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2331134 - rust-hashlink-0.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2331134
[ 2 ] Bug #2366541 - CVE-2025-4574 ruff: crossbeam-channel Vulnerable to Double Free on Drop [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2366541
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-575023fff7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: rust-hashlink-0.10.0-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-575023fff7
2025-05-30 01:44:07.670098+00:00
--------------------------------------------------------------------------------
Name : rust-hashlink
Product : Fedora 41
Version : 0.10.0
Release : 1.fc41
URL : https://crates.io/crates/hashlink
Summary : HashMap-like containers that hold their key-value pairs in a user controllable order
Description :
HashMap-like containers that hold their key-value pairs in a user
controllable order.
--------------------------------------------------------------------------------
Update Information:
Security update for CVE-2025-4574, GHSA-pg9f-39pc-qf8g: by rebuilding ruff, we
ensure that it uses version 0.5.15 of the crossbeam-channel crate library.
rust-hashlink 0.10.0
API incompatible change: upgrade hashbrown to 0.15
API incompatible change: we now wrap DefaultHashBuilder and DefaultHasher
from hashbrown so that in the future upgrading hashbrown is not an API
incompatible change
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 1 2025 Cristian Le [git@lecris.dev] - 0.10.0-1
- Update to version 0.10.0; Fixes RHBZ#2331134
* Sun Jan 19 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.9.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2331134 - rust-hashlink-0.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2331134
[ 2 ] Bug #2366541 - CVE-2025-4574 ruff: crossbeam-channel Vulnerable to Double Free on Drop [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2366541
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-575023fff7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: ruff-0.11.5-2.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-575023fff7
2025-05-30 01:44:07.670098+00:00
--------------------------------------------------------------------------------
Name : ruff
Product : Fedora 41
Version : 0.11.5
Release : 2.fc41
URL : https://github.com/astral-sh/ruff
Summary : Extremely fast Python linter and code formatter
Description :
An extremely fast Python linter and code formatter, written in Rust.
Ruff aims to be orders of magnitude faster than alternative tools while
integrating more functionality behind a single, common interface.
Ruff can be used to replace Flake8 (plus dozens of plugins), Black,
isort, pydocstyle, pyupgrade, autoflake, and more, all while executing
tens or hundreds of times faster than any individual tool.
--------------------------------------------------------------------------------
Update Information:
Security update for CVE-2025-4574, GHSA-pg9f-39pc-qf8g: by rebuilding ruff, we
ensure that it uses version 0.5.15 of the crossbeam-channel crate library.
rust-hashlink 0.10.0
API incompatible change: upgrade hashbrown to 0.15
API incompatible change: we now wrap DefaultHashBuilder and DefaultHasher
from hashbrown so that in the future upgrading hashbrown is not an API
incompatible change
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 2 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.11.5-2
- Stop patching for hashbrown/hashlink 0.14/0.9; use 0.15/0.10
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2331134 - rust-hashlink-0.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2331134
[ 2 ] Bug #2366541 - CVE-2025-4574 ruff: crossbeam-channel Vulnerable to Double Free on Drop [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2366541
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-575023fff7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: dnsdist-1.9.10-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-0c238cf731
2025-05-30 01:44:07.670046+00:00
--------------------------------------------------------------------------------
Name : dnsdist
Product : Fedora 41
Version : 1.9.10
Release : 1.fc41
URL : https://dnsdist.org
Summary : Highly DNS-, DoS- and abuse-aware loadbalancer
Description :
dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in life
is to route traffic to the best server, delivering top performance to
legitimate users while shunting or blocking abusive traffic.
--------------------------------------------------------------------------------
Update Information:
Updated to 1.9.10, this fixes CVE-2025-30193: Denial of service via crafted TCP
exchange
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 21 2025 Sander Hoentjen [shoentjen@antagonist.nl] - 1.9.10-1
- Update to 1.9.10
- fixes #2367441
- fixes #2367560, #2367561, #2367562, #2367460 (CVE-2025-30193)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2367441 - dnsdist-1.9.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2367441
[ 2 ] Bug #2367560 - CVE-2025-30193 dnsdist: Denial of service via crafted TCP exchange [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2367560
[ 3 ] Bug #2367561 - CVE-2025-30193 dnsdist: Denial of service via crafted TCP exchange [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2367561
[ 4 ] Bug #2367562 - CVE-2025-30193 dnsdist: Denial of service via crafted TCP exchange [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2367562
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-0c238cf731' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: thunderbird-128.11.0-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a52491bdd9
2025-05-30 01:14:13.237192+00:00
--------------------------------------------------------------------------------
Name : thunderbird
Product : Fedora 42
Version : 128.11.0
Release : 1.fc42
URL : http://www.mozilla.org/projects/thunderbird/
Summary : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.
--------------------------------------------------------------------------------
Update Information:
Update to 128.11.0
https://www.thunderbird.net/en-US/thunderbird/128.11.0esr/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-46/
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 26 2025 Eike Rathke [erack@redhat.com] - 128.11.0-1
- Update to 128.11.0
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a52491bdd9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: coreutils-9.6-4.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-f791604f4c
2025-05-30 01:14:13.237174+00:00
--------------------------------------------------------------------------------
Name : coreutils
Product : Fedora 42
Version : 9.6
Release : 4.fc42
URL : https://www.gnu.org/software/coreutils/
Summary : A set of basic GNU tools commonly used in shell scripts
Description :
These are the GNU core utilities. This package is the combination of
the old GNU fileutils, sh-utils, and textutils packages.
--------------------------------------------------------------------------------
Update Information:
sort: fix buffer under-read (CVE-2025-5278)
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 28 2025 Luk???? Zaoral [lzaoral@redhat.com] - 9.6-4
- sort: fix buffer under-read (CVE-2025-5278)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2368767 - CVE-2025-5278 coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2368767
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-f791604f4c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: ruff-0.11.5-2.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-04894ce9bd
2025-05-30 01:14:13.237137+00:00
--------------------------------------------------------------------------------
Name : ruff
Product : Fedora 42
Version : 0.11.5
Release : 2.fc42
URL : https://github.com/astral-sh/ruff
Summary : Extremely fast Python linter and code formatter
Description :
An extremely fast Python linter and code formatter, written in Rust.
Ruff aims to be orders of magnitude faster than alternative tools while
integrating more functionality behind a single, common interface.
Ruff can be used to replace Flake8 (plus dozens of plugins), Black,
isort, pydocstyle, pyupgrade, autoflake, and more, all while executing
tens or hundreds of times faster than any individual tool.
--------------------------------------------------------------------------------
Update Information:
Security update for CVE-2025-4574, GHSA-pg9f-39pc-qf8g: by rebuilding ruff, we
ensure that it uses version 0.5.15 of the crossbeam-channel crate library.
rust-hashlink 0.10.0
API incompatible change: upgrade hashbrown to 0.15
API incompatible change: we now wrap DefaultHashBuilder and DefaultHasher
from hashbrown so that in the future upgrading hashbrown is not an API
incompatible change
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 2 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.11.5-2
- Stop patching for hashbrown/hashlink 0.14/0.9; use 0.15/0.10
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2331134 - rust-hashlink-0.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2331134
[ 2 ] Bug #2366571 - CVE-2025-4574 ruff: crossbeam-channel Vulnerable to Double Free on Drop [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2366571
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-04894ce9bd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-rusqlite-0.31.0-6.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-04894ce9bd
2025-05-30 01:14:13.237137+00:00
--------------------------------------------------------------------------------
Name : rust-rusqlite
Product : Fedora 42
Version : 0.31.0
Release : 6.fc42
URL : https://crates.io/crates/rusqlite
Summary : Ergonomic wrapper for SQLite
Description :
Ergonomic wrapper for SQLite.
--------------------------------------------------------------------------------
Update Information:
Security update for CVE-2025-4574, GHSA-pg9f-39pc-qf8g: by rebuilding ruff, we
ensure that it uses version 0.5.15 of the crossbeam-channel crate library.
rust-hashlink 0.10.0
API incompatible change: upgrade hashbrown to 0.15
API incompatible change: we now wrap DefaultHashBuilder and DefaultHasher
from hashbrown so that in the future upgrading hashbrown is not an API
incompatible change
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 21 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.31.0-6
- Allow hashlink 0.10
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2331134 - rust-hashlink-0.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2331134
[ 2 ] Bug #2366571 - CVE-2025-4574 ruff: crossbeam-channel Vulnerable to Double Free on Drop [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2366571
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-04894ce9bd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-hashlink-0.10.0-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-04894ce9bd
2025-05-30 01:14:13.237137+00:00
--------------------------------------------------------------------------------
Name : rust-hashlink
Product : Fedora 42
Version : 0.10.0
Release : 1.fc42
URL : https://crates.io/crates/hashlink
Summary : HashMap-like containers that hold their key-value pairs in a user controllable order
Description :
HashMap-like containers that hold their key-value pairs in a user
controllable order.
--------------------------------------------------------------------------------
Update Information:
Security update for CVE-2025-4574, GHSA-pg9f-39pc-qf8g: by rebuilding ruff, we
ensure that it uses version 0.5.15 of the crossbeam-channel crate library.
rust-hashlink 0.10.0
API incompatible change: upgrade hashbrown to 0.15
API incompatible change: we now wrap DefaultHashBuilder and DefaultHasher
from hashbrown so that in the future upgrading hashbrown is not an API
incompatible change
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 1 2025 Cristian Le [git@lecris.dev] - 0.10.0-1
- Update to version 0.10.0; Fixes RHBZ#2331134
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2331134 - rust-hashlink-0.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2331134
[ 2 ] Bug #2366571 - CVE-2025-4574 ruff: crossbeam-channel Vulnerable to Double Free on Drop [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2366571
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-04894ce9bd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: docker-buildx-0.24.0-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-6ddb790d26
2025-05-30 01:14:13.237121+00:00
--------------------------------------------------------------------------------
Name : docker-buildx
Product : Fedora 42
Version : 0.24.0
Release : 1.fc42
URL : https://github.com/docker/buildx
Summary : Docker CLI plugin for extended build capabilities with BuildKit
Description :
Docker CLI plugin for extended build capabilities with BuildKit.
--------------------------------------------------------------------------------
Update Information:
Update package to release v0.24.0
Resolve: rhbz#2366388, rhbz#2360632
Upstream fixes and changes
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 21 2025 Bradley G Smith [bradley.g.smith@gmail.com] - 0.24.0-1
- Update package to release v0.24.0
- Resolve: rhbz#2366388, rhbz#2360632
- Upstream fixes and changes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360632 - CVE-2025-22872 docker-buildx: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2360632
[ 2 ] Bug #2366388 - docker-buildx-0.24.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2366388
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-6ddb790d26' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: maturin-1.8.6-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-7227c166f0
2025-05-30 01:14:13.237104+00:00
--------------------------------------------------------------------------------
Name : maturin
Product : Fedora 42
Version : 1.8.6
Release : 1.fc42
URL : https://github.com/PyO3/maturin
Summary : Build and publish Rust crates as Python packages
Description :
Build and publish crates with pyo3, rust-cpython and cffi bindings as
well as rust binaries as python packages.
--------------------------------------------------------------------------------
Update Information:
Update to version 1.8.6.
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 21 2025 Fabio Valentini [decathorpe@gmail.com] - 1.8.6-1
- Update to version 1.8.6; Fixes RHBZ#2365325
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2366567 - CVE-2025-4574 maturin: crossbeam-channel Vulnerable to Double Free on Drop [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2366567
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-7227c166f0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: dnsdist-1.9.10-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d2d34aad4c
2025-05-30 01:14:13.237061+00:00
--------------------------------------------------------------------------------
Name : dnsdist
Product : Fedora 42
Version : 1.9.10
Release : 1.fc42
URL : https://dnsdist.org
Summary : Highly DNS-, DoS- and abuse-aware loadbalancer
Description :
dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in life
is to route traffic to the best server, delivering top performance to
legitimate users while shunting or blocking abusive traffic.
--------------------------------------------------------------------------------
Update Information:
Updated to 1.9.10, this fixes CVE-2025-30193: Denial of service via crafted TCP
exchange
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 21 2025 Sander Hoentjen [shoentjen@antagonist.nl] - 1.9.10-1
- Update to 1.9.10
- fixes #2367441
- fixes #2367560, #2367561, #2367562, #2367460 (CVE-2025-30193)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2367441 - dnsdist-1.9.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2367441
[ 2 ] Bug #2367560 - CVE-2025-30193 dnsdist: Denial of service via crafted TCP exchange [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2367560
[ 3 ] Bug #2367561 - CVE-2025-30193 dnsdist: Denial of service via crafted TCP exchange [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2367561
[ 4 ] Bug #2367562 - CVE-2025-30193 dnsdist: Denial of service via crafted TCP exchange [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2367562
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d2d34aad4c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: mingw-python-flit-core-3.12.0-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-853e37285c
2025-05-30 01:14:13.237014+00:00
--------------------------------------------------------------------------------
Name : mingw-python-flit-core
Product : Fedora 42
Version : 3.12.0
Release : 1.fc42
URL : https://pypi.python.org/pypi/flit_core
Summary : MinGW Python flit_core library
Description :
MinGW Python flit_core library.
--------------------------------------------------------------------------------
Update Information:
Update to flask-3.1.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 28 2025 Sandro Mani [manisandro@gmail.com] - 3.12.0-1
- Update to 3.12.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2366239 - CVE-2025-47278 mingw-python-flask: Flask Session Signing Fallback Key Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2366239
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-853e37285c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: mingw-python-flask-3.1.1-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-853e37285c
2025-05-30 01:14:13.237014+00:00
--------------------------------------------------------------------------------
Name : mingw-python-flask
Product : Fedora 42
Version : 3.1.1
Release : 1.fc42
URL : https://palletsprojects.com/p/itsdangerous/
Summary : MinGW Windows Python flask library
Description :
MinGW Windows Python flask.
--------------------------------------------------------------------------------
Update Information:
Update to flask-3.1.1.
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 20 2025 Sandro Mani [manisandro@gmail.com] - 3.1.1-1
- Update to 3.1.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2366239 - CVE-2025-47278 mingw-python-flask: Flask Session Signing Fallback Key Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2366239
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-853e37285c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
